<?php

namespace App\Http\Middleware;

use Closure;
use Auth;
use Illuminate\Support\Facades\Route;

class CheckAdminLogin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        if (!Auth::check()) {
            return redirect('/admin/login');
        };

        //权限验证
        //获取当前路由
        $route = Route::current()->uri;
        $user = Auth::user();

        if ($user->username != 'admin' || $user->id != 1) {
            //验证权限
            if (!$user->can($route)) {
                return abort(403, '您没有权限访问');
            }
        }

        return $next($request);
    }
}
